identifying change of release date and an increase in version number. 

1 Scope 



The present document defines functions and syntax of a set of administrative commands for a telecommunication IC 
Card. 

The commands defined in the present document are compliant to the commands defined in the ISO/IEC 7816 series 
where corresponding commands in ISO/IEC are available. The commands described in the present document are using 
parts of the functionality of the commands described in the ISO/IEC 7816 series. An IC Card supporting the command 
set based on the present document shall support the command as defined in the present document. However, it is up to 
the IC Card to provide more functionality than described in the present document. 

The present document does not cover the internal implementation within the ICC and/or the external equipment. 



2 References 



The following documents contain provisions which, through reference in this text, constitute provisions of the present 
document. 

• References are either specific (identified by date of publication, edition number, version number, etc.) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. 

• A non-specific reference to an ETS shall also be taken to refer to later versions published as an EN with the same 
number. 

[1] ISO/IEC 7816-4 (1995): "Information technology - Identification cards - Integrated circuit(s) cards 

with contacts - Part 4: Interindustry commands for interchange". 

[2] ISO/IEC 7816-8 (1999): "Identification cards - Integrated circuit(s) cards with contacts - Part 8: 

Security related interindustry commands". 

[3] ISO/IEC FCD 7816-9 (1999): "Identification cards - Integrated circuit(s) cards with contacts, 

Part 9: Additional inter-industry commands and security attributes". 

[4] 3G TS 31.101: "3rd Generation Partnership Project; Technical Specification Group Terminals; 

UICC-Terminal Interface; Physical and Logical Characteristics". 

[5] GSM 11.11: "Digital cellular telecommunications system (Phase 2+); Specification of the 

Subscriber Identity Module - Mobile Equipment (SIM - ME) interface". 



3 Definitions, abbreviations and symbols 

3.1 Definitions 

For the purposes of the present document the following terms and definitions apply: 

Access Conditions (AC): set of security attributes associated to a file. 

administrative command: command modifying the internal properties of the file system of an ICC. 

current directory: latest directory (Dedicated File (DF)) selected in the ICC. 

current EF: latest Elementary File (EF) selected in the ICC. 

current file: latest file (DF or EF) selected in the ICC. 
Dedicated File (DF): file containing Access Conditions (AC) and allocable memory. It may be the parent of Elementary 
Files (EF) and/or Dedicated Files (DF). 

directory: general name for MF or DF. 

Elementary File (EF): file containing Access Conditions (AC) and data. It can not be the parent of another file. 

file IDentifier (ID): each file (DF, EF) has a file identifier consisting of 2 bytes. 

Master File (MF): mandatory unique DF representing the root of the file structure and containing Access Conditions 
(AC) and allocable memory. It may be the parent of elementary files and/or dedicated files. 

operating system: required to manage the logical resources of a system, including process scheduling and file 
management. 

operating system termination state: ICC in this state shall be permanently unusable for the cardholder. 

record: string of bytes handled as a whole by the ICC and terminal and referenced by a record number or a record 
pointer. 

record number: is sequential and unique within an EF. It is managed by the ICC. 

telecommunication card: ICC mainly used for telecommunication applications. 



3.2 Abbreviations 



For the purposes of the present document the following abbreviations apply: 

AC Access Condition 

ADF Application Dedicated File 

ADM Access condition to an EF which is under the control of the authority which creates this file 

ALW ALWays 

AM Access Mode byte 

AM_DO Access Mode Data Object 

APDU Application Protocol Data Unit 

ARR Access Rule References 

AT Authentication Template 

ATR Answer To Reset 

CCT Cryptographic Checksum Template 

CHV Card Holder Verification information 

CLA CLAss 

CRT Control Reference Template 

CT Confidentiality Template 

DF Dedicated File (abbreviation formerly used for Data Field) 

DST Digital Signature Template 

EF Elementary File 

ETSI European Telecommunications Standards Institute 

FCP File Control Parameters 

GSM Global System for Mobile communications 

IC Integrated Circuit 

ICC Integrated Circuit(s) Card 

ID IDentifier 

IEC International Electrotechnical Commission 

INS INStruction 

ISO International Organization for Standardization 

Lc Length of Command data sent by the application layer 

LCSI Life Cycle Status Information 

Le Maximum length of data Expected by the application layer 

LSB Least Significant Bit 

M Mandatory 

MF Master File 

MSB Most Significant Bit 
NEV NEVer 

O Optional 

PIN Personal Identification Number 

PS PIN Status 

PS_DO PIN Status Data Object 

RFU Reserved for Future Use 

SC Security Condition 

SC_DO Security Condition Data Object 

SE Security Environment 

SEID Security Environment ID 

SIM Subscriber Identity Module 

SM Secure Messaging 

SW1/SW2 Status Word 1 / Status Word 2 

TLV Tag Length Value 

TS Technical Specification 



3.3 Symbols 

For the purposes of the present document the following symbols apply: 



'0' to '9' and 'A' to 'F'   The sixteen hexadecimal digits. Single quotation marks indicate hexadecimal notation. 
b8...b1                     Bits of one byte. b8 is the MSB, b1 the LSB. 



4 Mapping principles 



IC Cards compliant to the present document shall follow the rules of 3G TS 31.101 [4] chapter 7 (Transmission 
Protocols) and chapter 10 (Structure of commands and responses). 



5 Security Architecture 



This clause describes the general coding of security attributes assigned to files by use of the CREATE FILE command. 



5.1 Security attributes 



The security attributes are attached to a DF/EF and they are part of the FCP given in the CREATE FILE command. A 
security attribute is constructed using two basic data elements, the AM information and the security condition 
information SC. This information can be indicated in a compact format or an expanded format see ISO/IEC 7816-9 [3]. 
The security attributes are indicated in the FCP using tag '8B', tag '8C' or tag 'AB' depending upon the format used, see 
ISO/IEC 7816-9 [3]. 

5.1.1 Access mode indication 

The AM information indicates what operations are allowed on a DF/EF. The coding of the AM information is file 
dependent i.e. the content of the access mode byte or data object is different if a DF or an EF is created, see 
ISO/IEC 7816-9 [3]. The access mode information is indicated in the FCP of the CREATE FILE command. 

The security conditions for bits not set to 1 in the AM byte are set to NEVer by default. 



5.1.2 Security conditions 



In order to perform other commands on a file than the SELECT and STATUS the security condition for the file must be 
met. A security condition data object contains the conditions to be met in order to perform certain commands on a 
selected DF/EF. The SC or SC_DO contains information on what type of verification is needed (usage qualifier). This is 
defined by tag '95' as defined in ISO/IEC 7816-9[3]. The SC_DO also contains a reference pointer, in this case a key 
reference. The key reference is indicated using tag '83' as defined in ISO/IEC 7816-4 [1]. The key reference is used to 
indicate what key is to be verified in the VERIFY command as defined in ISO/IEC 7816-4[1]. The SC information is 
indicated in the FCP of the CREATE FILE command. 



5.1.3 Access condition mapping 



The access coding mapping is application specific. The access coding mapping can be found in the annex A and 
annex B. 

5.2 Access rules 

An access rule is a requirement that has to be met in order to perform operations on a file. An access rule contains an 
AM byte/AM_DO that indicates what commands can be performed and a SC byte/SC_DO that indicates what SC must 
be met to be able to perform the commands indicated in the AM byte/AM_DO. 

The CRT tags for SC_DOs are defined in ISO/IEC 7816-9 [3]. The SC required to perform the commands indicated in the 
AM byte/AM_DO may be a simple condition or a logical OR or AND condition of several SC_DOs. The constructed 
TLV object containing AM bytes/AM_DOs and SC bytes/SC_DOs is an access rule. An access rule can be indicated in 
the FCP of the CREATE FILE command in one of the following ways. 

Tag '8C' Security attributes, compact format. 

Tag 'AB' Security attributes, expanded format. 

Tag '8B' Security attributes, referenced to expanded format. 

The security attribute formats to be supported shall be defined by the application(s), e.g. see annex A and annex B. 



5.2.1 Compact format 



The compact format is indicated by tag '8C' in the FCP. In the compact format an access rule consists of an AM byte and 
one or more SC bytes as defined in ISO/IEC 7816-9 [3]. 

The AM byte conveys two types of information: the interpretation of the AM byte itself, which is coded on b8, and the 
number of SC bytes following, which is equal to the number of bits set to '1' in bits b7-b1 of the AM byte. If b8 in the AM 
byte is set to '0', an SC byte must be supplied for each bit set to '1' in the AM byte (excluding b8). If b8 in the AM byte is 
set to '1', the usage of bits b7-b4 is proprietary. 

When multiple sets of AM byte and one or more corresponding SC bytes are present in the value field they present an 
OR condition. 
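As an added illustration of the compact format (this code is not part of the present document), the following Python encodes and decodes the value of tag '8C' as described above: one AM byte whose set bits select commands, followed by one SC byte per set bit, with several AM/SC sets forming an OR condition and every command not named in any AM byte defaulting to NEVer (clause 5.1.1). The command-to-bit assignments of the AM byte and the bit layout of the SC byte are assumptions taken from ISO/IEC 7816-9, which this page refers to but does not reproduce; the sample rule bytes are constructed.

```python
"""Compact-format security attributes (tag '8C'): one AM byte followed by SC bytes."""
from typing import Dict, List

# Access mode byte bit assignments, b7..b1. Assumption: taken from ISO/IEC 7816-9, which the
# page refers to but does not reproduce; check them against the edition your card follows.
AM_BITS_DF = {0x40: "DELETE FILE (self)", 0x20: "TERMINATE DF", 0x10: "ACTIVATE FILE",
              0x08: "DEACTIVATE FILE", 0x04: "CREATE FILE (DF)", 0x02: "CREATE FILE (EF)",
              0x01: "DELETE FILE (child)"}
AM_BITS_EF = {0x40: "DELETE FILE", 0x20: "TERMINATE EF", 0x10: "ACTIVATE FILE",
              0x08: "DEACTIVATE FILE", 0x04: "WRITE", 0x02: "UPDATE", 0x01: "READ/SEARCH"}
BIT_ORDER = (0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01)   # b7 down to b1
ALW, NEV = 0x00, 0xFF


def describe_sc(sc: int) -> str:
    """SC byte (ISO/IEC 7816-9, assumed): b8 = all conditions (AND) vs any one (OR);
    b7 secure messaging, b6 external authentication, b5 user authentication; b4..b1 SEID."""
    if sc == ALW:
        return "ALW"
    if sc == NEV:
        return "NEV"
    parts = [name for bit, name in ((0x40, "SM"), (0x20, "EXT-AUTH"), (0x10, "USER-AUTH")) if sc & bit]
    text = (" AND " if sc & 0x80 else " OR ").join(parts) or "ALW"
    seid = sc & 0x0F
    return f"{text} (SE#{seid})" if seid else text


def encode_compact(rule: Dict[str, int], is_df: bool) -> bytes:
    """Build one AM byte + SC bytes from {command: SC byte}. Commands left out get no bit,
    which clause 5.1.1 says the card treats as NEVer."""
    names = AM_BITS_DF if is_df else AM_BITS_EF
    unknown = set(rule) - set(names.values())
    if unknown:
        raise ValueError(f"not an access mode for this file type: {sorted(unknown)}")
    am, scs = 0, []
    for bit in BIT_ORDER:               # SC bytes follow in the order of the set bits
        if names[bit] in rule:
            am |= bit
            scs.append(rule[names[bit]])
    return bytes([am, *scs])


def tag_8c(*rule_sets: bytes) -> bytes:
    """Wrap one or more AM/SC sets in the '8C' TLV; several sets are OR-ed (clause 5.2.1)."""
    value = b"".join(rule_sets)
    return bytes([0x8C, len(value)]) + value


def decode_compact(value: bytes, is_df: bool) -> Dict[str, List[int]]:
    """Value of tag '8C' -> {command: [alternative SC bytes]}; missing commands -> [NEV]."""
    names = AM_BITS_DF if is_df else AM_BITS_EF
    rules: Dict[str, List[int]] = {name: [] for name in names.values()}
    i = 0
    while i < len(value):
        am, i = value[i], i + 1
        bit_names = dict(names)
        if am & 0x80:                   # b8 = 1: b7..b4 are proprietary, still one SC byte each
            for bit in (0x40, 0x20, 0x10, 0x08):
                bit_names[bit] = f"proprietary (bit {bit:02X})"
        set_bits = [bit for bit in BIT_ORDER if am & bit]
        if i + len(set_bits) > len(value):
            raise ValueError("truncated rule: fewer SC bytes than bits set in the AM byte")
        for bit in set_bits:
            rules.setdefault(bit_names[bit], []).append(value[i])
            i += 1
    for conditions in rules.values():
        if not conditions:
            conditions.append(NEV)       # clause 5.1.1: bits not set default to NEVer
    return rules


# Constructed sample: ACTIVATE/DEACTIVATE need user authentication in SE #1 ('11'),
# CREATE FILE (EF) and DELETE FILE (child) need user authentication in SE #10 ('1A').
SAMPLE_DF_RULE = {"ACTIVATE FILE": 0x11, "DEACTIVATE FILE": 0x11,
                  "CREATE FILE (EF)": 0x1A, "DELETE FILE (child)": 0x1A}

if __name__ == "__main__":
    attrs = tag_8c(encode_compact(SAMPLE_DF_RULE, is_df=True))
    print(attrs.hex().upper())           # 8C051B11111A1A
    for command, alternatives in decode_compact(attrs[2:], is_df=True).items():
        print(f"{command:22s} {' | '.join(describe_sc(sc) for sc in alternatives)}")
```

Appending a second set such as '02 00' to the same value makes CREATE FILE (EF) satisfiable either by the SE #10 condition or always, which is the OR semantics of multiple AM/SC sets; TERMINATE DF and the other commands absent from every AM byte come back as NEV.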



5.2.2 Expanded format 

The expanded format is indicated by tag 'AB' in the FCP. In the expanded format an access rule consists of one AM_DO 
followed by a sequence of SC_DOs. The contents of the AM_DO is defined by the tag that it is indicated with, see 
ISO/IEC 7816-9 [3]. Tag '80' indicates that the AM_DO contains an AM byte. The sequence of SC_DOs following the 
AM_DO is relevant for all commands specified in the AM_DO. The different SC_DOs can form an OR or an AND 
condition as defined in ISO/IEC 7816-9 [3]. The information following tag 'AB' in the FCP can be complex and contain 
a lot of data if the rule is complicated. 

5.2.3 Referenced to expanded format 

In case the access rule is very complex and applies to more than one file, referencing to the expanded format can be 
used to indicate the access rule, see ISO/IEC 7816-9 [3]. The referenced format is indicated in the FCP following tag 
'8B'. The access rule is stored in a file, EF ARR. This file is a linear fixed/variable file. Referencing is based on the file ID 
and record number. Referencing can also be based on file ID, SEID and record number. This allows the usage of 
different access rules in different security environments. Referencing EF ARR is based on the file ID. This implies that an 
EF ARR shall exist under each DF. If an EF ARR cannot be found in the current DF the parent DF shall be used for 
searching for EF ARR. 

Each record in EF ARR contains a sequence of AM_DOs followed by SC_DOs. The content of the record is the rule that 
applies for access to the selected file. 
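As an added illustration of the referenced format (not part of the present document), the Python below models the lookup just described: a tag '8B' reference is resolved to an EF ARR record by searching the current DF and then its parents, the record is chosen by record number or by the current SEID, and the expanded-format record is decoded into per-AM-byte conditions. The two tag '8B' layouts (file ID plus record number, or file ID plus SEID/record-number pairs) and the SC_DO tags used ('90' ALW, '97' NEV, '9E' SC byte, 'A4' authentication CRT with '83' key reference and '95' usage qualifier, 'A0' OR, 'AF' AND) are assumptions taken from ISO/IEC 7816-9; the file tree, file IDs and record contents are constructed sample data.

```python
"""Referenced-format access rules (clause 5.2.3): find EF ARR, pick the record, decode it."""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple


def tlvs(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Single-byte tag, single-byte length TLV iterator (enough for the DOs used here)."""
    i = 0
    while i < len(data):
        tag, length = data[i], data[i + 1]
        yield tag, data[i + 2:i + 2 + length]
        i += 2 + length


@dataclass
class DF:
    name: str
    parent: Optional["DF"] = None
    efs: Dict[int, List[bytes]] = field(default_factory=dict)   # file ID -> records


def find_ef_arr(df: Optional[DF], file_id: int) -> Optional[List[bytes]]:
    """Look in the current DF, then each parent up to the MF, as the clause requires."""
    while df is not None:
        if file_id in df.efs:
            return df.efs[file_id]
        df = df.parent
    return None


def pick_record(ref_8b: bytes, current_seid: int) -> Tuple[int, int]:
    """Tag '8B' value: file ID + record number, or file ID + (SEID, record number) pairs.
    Assumption: layout as in ISO/IEC 7816-9."""
    file_id, rest = int.from_bytes(ref_8b[:2], "big"), ref_8b[2:]
    if len(rest) == 1:
        return file_id, rest[0]
    if not rest or len(rest) % 2:
        raise ValueError("malformed '8B' reference")
    for seid, record_no in zip(rest[::2], rest[1::2]):
        if seid == current_seid:
            return file_id, record_no
    raise LookupError(f"no access rule for SE #{current_seid}")


def describe_sc_do(tag: int, value: bytes) -> str:
    """SC_DO tags (ISO/IEC 7816-9, assumed): '90' ALW, '97' NEV, '9E' SC byte,
    'A4' authentication CRT holding key reference '83' and usage qualifier '95', 'A0' OR, 'AF' AND."""
    if tag == 0x90:
        return "ALW"
    if tag == 0x97:
        return "NEV"
    if tag == 0x9E:
        return f"SC byte {value[0]:02X}"
    if tag == 0xA4:
        parts = dict(tlvs(value))
        key = parts.get(0x83, b"").hex().upper() or "?"
        uq = parts.get(0x95, b"").hex().upper() or "-"
        return f"AUTH(key {key}, UQ {uq})"
    if tag in (0xA0, 0xAF):
        op = " OR " if tag == 0xA0 else " AND "
        return "(" + op.join(describe_sc_do(t, v) for t, v in tlvs(value)) + ")"
    return f"tag {tag:02X}"


def decode_arr_record(record: bytes) -> List[Tuple[int, List[str]]]:
    """Expanded format: each AM_DO (tag '80', one AM byte) is followed by the SC_DOs that apply
    to all commands it names. Command-header AM_DOs ('81'..'8F') are not handled here."""
    rules: List[Tuple[int, List[str]]] = []
    for tag, value in tlvs(record):
        if tag == 0x80:
            rules.append((value[0], []))
        elif rules:
            rules[-1][1].append(describe_sc_do(tag, value))
        else:
            raise ValueError("SC_DO before any AM_DO")
    return rules


def resolve(df: DF, ref_8b: bytes, current_seid: int) -> List[Tuple[int, List[str]]]:
    file_id, record_no = pick_record(ref_8b, current_seid)
    records = find_ef_arr(df, file_id)
    if records is None:
        raise FileNotFoundError(f"EF ARR {file_id:04X} not found in the current DF or its parents")
    if not 1 <= record_no <= len(records):          # record numbers start at 1
        raise LookupError(f"EF ARR {file_id:04X} has no record {record_no}")
    return decode_arr_record(records[record_no - 1])


def sample_tree() -> DF:
    """Constructed data: EF ARR '2F06' exists only under the MF; the ADF has none of its own."""
    record1 = bytes.fromhex("800101" "9000" "80011A" "A406830101950108")   # READ: ALW; ACT/DEACT/UPDATE: PIN 01
    record2 = bytes.fromhex("800103" "A00A" "A403830101" "A403830181")     # READ/UPDATE: key 01 OR key 81
    mf = DF("MF", efs={0x2F06: [record1, record2]})
    return DF("ADF", parent=mf)


if __name__ == "__main__":
    adf = sample_tree()
    print(resolve(adf, bytes.fromhex("2F0601"), current_seid=1))
    print(resolve(adf, bytes.fromhex("2F0601010202"), current_seid=2))
```

The second reference, '2F06 01 01 02 02', carries two SEID/record pairs, so the same file is governed by record 1 in SE #1 and record 2 in SE #2; a SEID with no pair raises rather than silently falling back to a rule meant for another environment.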



5.3 PIN status indication 



The status of a PIN that is used by an application for user verification shall be indicated in the FCP of the CREATE 
FILE command for an ADF or DF. In case the PIN status of a PIN already used is indicated in the PIN status template of 
the CREATE FILE command and its value is different from the current status of the parent DF, the value indicated in the 
PIN status DO shall be ignored and the PIN status of the parent DF is used. 

The PIN status information is indicated in the FCP in the PS template DO using tag 'C6'. The PS template DO conveys 
two types of data: first the PS_DO, indicated by tag '90', that indicates the status of the PIN(s) (enabled/disabled). The 
PS_DO is followed by one or more key reference data objects indicated by tag '83'. The PIN status may be encoded over 
several bytes. For each bit set to '1' the corresponding key reference (PIN) is enabled. The PS_DO is coded using a 
bitmap list. Bit b8 in the most significant byte corresponds to the first key reference indicated in tag '83' following the 
PS_DO. Bits b7-b1 are mapped to consecutive key references indicated by tag '83'. A key reference data object may be 
preceded by a usage qualifier data object. The usage qualifier data object, indicated by tag '95', indicates whether an 
enabled PIN needs to be verified. If the usage qualifier data object is given in the FCP of the CREATE FILE command 
for a DF, this allows the verification of the key reference to be skipped even if it is enabled. The content of the usage 
qualifier is defined in table 1. From table 1, for user PIN verification the value to be used is '08'. See 3G TS 31.101 [4] 
for a use case of the usage qualifier. 

Table 1: Usage qualifier coding 

b8  b7  b6  b5  b4  b3  b2  b1   Meaning 
0   0   0   0   0   0   0   0    don't use the verification requirement for verification 
1   -   -   -   -   -   -   -    use verification (DST, CCT) 
                                 use encipherment (CT) 
                                 use external authentication (AT) 
-   1   -   -   -   -   -   -    use computation (DST, CCT) 
                                 use decipherment (CT) 
                                 use internal authentication (AT) 
-   -   1   -   -   -   -   -    use SM response (CCT, CT, DST) 
-   -   -   1   -   -   -   -    use SM command (CCT, CT, DST) 
-   -   -   -   1   -   -   -    use user authentication, knowledge based, i.e. PIN for verification (Key Reference data) 
-   -   -   -   -   1   -   -    use user authentication, biometric based 
-   -   -   -   -   -   x   x    RFU (default = 00) 



The PS template DO is constructed as indicated in tables 2 and 3. 

Table 2: PS Template DO structure 

Field                  Tag     Length   Value 
PS Template DO         'A5'    L1       the data objects below 
PS_DO                  '90'    L2       PS byte(s), see text above 
Key reference DO       '83'    '01'     see Annex A, B 
Key reference DO       '83'    '01'     see Annex A, B 

Table 3: PS Template DO structure when usage qualifier used 

Field                  Tag     Length   Value 
PS Template DO         'A5'    L1       the data objects below 
PS_DO                  '90'    L2       PS byte(s), see text above 
Usage qualifier DO     '95'    '01'     see table 1 
Key reference DO       '83'    '01'     see annexes A and B 
Key reference DO       '83'    '01'     see annexes A and B 
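As an added worked example (not code from the present document), the Python below encodes and decodes the PS template DO as the text above defines it: a PS_DO bitmap whose b8 of the first byte belongs to the first key reference, an optional usage qualifier preceding a key reference, and the rule that an enabled PIN is verified unless a usage qualifier without b4 ('08') says otherwise. The template tag is taken from the clause text ('C6'); tables 2 and 3 show 'A5', so treat the choice as an assumption to match against the card in use. The key reference values and bitmaps are constructed.

```python
"""PIN status template (clause 5.3): PS_DO bitmap, key references, optional usage qualifiers."""
from typing import Iterator, List, Optional, Tuple, TypedDict

PS_TEMPLATE_TAG = 0xC6   # tag named in the clause text; tables 2 and 3 show 'A5' (assumption: follow the text)
PS_DO_TAG, USAGE_QUALIFIER_TAG, KEY_REF_TAG = 0x90, 0x95, 0x83
UQ_USER_PIN = 0x08       # table 1, b4: knowledge based user authentication (PIN)


def tlvs(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Single-byte tag, single-byte length TLV iterator."""
    i = 0
    while i < len(data):
        tag, length = data[i], data[i + 1]
        yield tag, data[i + 2:i + 2 + length]
        i += 2 + length


class PinStatus(TypedDict):
    key_ref: int
    enabled: bool
    usage_qualifier: Optional[int]
    verification_required: bool


def decode_ps_template(tlv: bytes) -> List[PinStatus]:
    if len(tlv) < 2 or tlv[0] != PS_TEMPLATE_TAG or tlv[1] != len(tlv) - 2:
        raise ValueError("not a well-formed PS template DO")
    items = list(tlvs(tlv[2:]))
    if not items or items[0][0] != PS_DO_TAG:
        raise ValueError("PS_DO (tag '90') must come first")
    bitmap = items[0][1]
    out: List[PinStatus] = []
    pending_uq: Optional[int] = None
    for tag, value in items[1:]:
        if tag == USAGE_QUALIFIER_TAG:
            pending_uq = value[0]             # applies to the key reference that follows
        elif tag == KEY_REF_TAG:
            index = len(out)                  # n-th key reference <-> n-th bit, b8 of byte 1 first
            byte, bit = divmod(index, 8)
            if byte >= len(bitmap):
                raise ValueError("more key references than bits in the PS_DO")
            enabled = bool(bitmap[byte] & (0x80 >> bit))
            # An enabled PIN must be verified unless a usage qualifier without b4 says otherwise.
            required = enabled and (pending_uq is None or bool(pending_uq & UQ_USER_PIN))
            out.append({"key_ref": value[0], "enabled": enabled,
                        "usage_qualifier": pending_uq, "verification_required": required})
            pending_uq = None
        else:
            raise ValueError(f"unexpected tag {tag:02X} in PS template")
    return out


def encode_ps_template(pins: List[Tuple[int, bool, Optional[int]]]) -> bytes:
    """pins: (key reference, enabled, usage qualifier or None), in bitmap order."""
    nbytes = max(1, (len(pins) + 7) // 8)
    bitmap = bytearray(nbytes)
    body = b""
    for i, (key_ref, enabled, uq) in enumerate(pins):
        if enabled:
            bitmap[i // 8] |= 0x80 >> (i % 8)
        if uq is not None:
            body += bytes([USAGE_QUALIFIER_TAG, 1, uq])
        body += bytes([KEY_REF_TAG, 1, key_ref])
    value = bytes([PS_DO_TAG, nbytes]) + bytes(bitmap) + body
    return bytes([PS_TEMPLATE_TAG, len(value)]) + value


# Constructed sample: key references '01' (enabled, verification required), '81' (enabled), '0A' (disabled).
SAMPLE_PINS = [(0x01, True, 0x08), (0x81, True, None), (0x0A, False, None)]

if __name__ == "__main__":
    encoded = encode_ps_template(SAMPLE_PINS)
    print(encoded.hex().upper())            # C60F9001C095010883010183018183010A
    for pin in decode_ps_template(encoded):
        print(pin)
```

A usage qualifier of '00' on an enabled PIN is the case the text allows for a DF: the PIN stays enabled in the bitmap but the decoder reports that verification is not required. With more than eight key references the bitmap grows to a second byte, and the mapping continues from b8 of that byte.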



6 Description of the functions and commands 

This clause gives a functional description of the commands, their respective responses, associated status conditions, 
error codes and their coding. 



6.1 Coding of the Commands 



Table 4: Coding of the commands 

Command                 CLA    INS 
CREATE FILE             '00'   'E0' 
DELETE FILE             '00'   'E4' 
DEACTIVATE FILE         '00'   '04' 
ACTIVATE FILE           '00'   '44' 
TERMINATE DF            '00'   'E6' 
TERMINATE EF            '00'   'E8' 
TERMINATE CARD USAGE    '00'   'FE' 


The coding of the CLA-bytes shall be according to ISO/IEC 7816-4 [1] subclause 5.4.1. 

All bytes specified as RFU shall be set to '00' and all bits specified as RFU shall be set to 0. 

These are the basic commands under the assumption of no secure messaging (SM). If SM is used, the Lc and data field 
must be adapted. 

Other commands may be needed in order to execute the commands listed above (e.g. EXTERNAL AUTHENTICATE). 
If such commands are necessary, they shall be coded according to ISO/IEC 7816-4 [1] or ISO/IEC 7816-8 [2]. 



6.2 TLV Objects 



All TLVs described in the present document shall be supported by the ICC. 

The sequence of mandatory TLV objects within the data field of any command specified in the present document shall 
be as in the description of the command. 

According to the requirements of the application, the mandatory list of TLVs may be appended by one of the tags '85' 
(Proprietary Information, see ISO/IEC 7816-4 [1]) or 'A5' (Proprietary Information Constructed, see 
ISO/IEC 7816-9 [3]). 

Tag '85' or tag 'A5' may be appended by other TLVs described in the present document or by any ISO/IEC or 
application dependent optional TLV object if necessary for a particular application. 



6.3 CREATE FILE 



6.3.1 Definition and Scope 



This function allows the creation of a new file under the current DF or ADF. The access condition for the CREATE 
FILE function of the current DF or ADF shall be fulfilled. 

When creating an EF with linear fixed or cyclic structure the ICC shall directly create as many records as allowed by the 
requested file size. 

After the creation of a DF, the current directory shall be on the newly created file. In case of an EF creation, the current 
EF shall be on the newly created file and the current directory is unchanged. After creation of an EF with linear fixed 
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structure, the record pointer is not defined. After creation of an EF with cyclic structure, the current record pointer is on 
the last created record . 

After creation, the created EF or DF is activated. 

The memory space allocated shall be reserved for the created file. 

This command can be performed only if the basic logical channel is selected and no other logical channel is open. 

If an ADF is created, some instance has to take care of the administration of the application, e.g. updating the EF DIR with 
the application ID. The CREATE FILE command does not take care of this administration on its own. The DF Name tag 
shall only be provided in the command if an ADF is created. 

The CREATE FILE command shall initialise newly created EFs with 'FF'. The content of the whole newly created EF 
shall consist of bytes of this value. If, for another application, other default values are required, this default behaviour 
can be overridden by specifying an appropriate TLV in the application dependent data TLV (tag '85' or 'A5') of the 
CREATE FILE command. 

6.3.2 Command Message 

The CREATE FILE command message is coded according to table 5. 

Table 5: CREATE FILE Command Message 

Code         Value 
CLA          As defined in ISO/IEC 7816-4 [1], b1 and b2 set to 0 (see table 4) 
INS          'E0' 
P1           '00' 
P2           '00' 
Lc           Length of the subsequent data field 
Data Field   Data sent to the ICC 
Le           Not present 

6.3.2.1 Parameters P1 and P2 

P1 and P2 are set to '00' indicating: File ID and file parameters encoded in data. 

6.3.2.2 Data Field Sent in the Command Message 

6.3.2.2.1 Creating a DF 

Table 6: Coding of the data field of the CREATE FILE command 
(in case of creation of a DF) 

Value               M/O   Description                                                           Length 
'62'                M     Tag: FCP Template                                                     1 byte 
LL                        Length (byte 3 to the end)                                            1 byte 
'82'                M     Tag: File descriptor byte                                             1 byte 
'01'                      Length of file descriptor byte                                        1 byte 
'38'                      File descriptor byte indicating DF, see ISO/IEC 7816-4 [1] table 3    1 byte 
'81'                M     Tag: Number of data bytes to be allocated for the DF                  1 byte 
'02'                      Length of number                                                      1 byte 
xx xx                     Amount of memory to be allocated to the DF                            2 bytes 
'83'                M     Tag: File ID                                                          1 byte 
'02'                      Length of file ID                                                     1 byte 
xx xx                     File ID                                                               2 bytes 
'8A'                M     Tag: Life Cycle Status Information (LCSI)                             1 byte 
'01'                      Length of the LCSI                                                    1 byte 
xx                        Life Cycle Status Information                                         1 byte 
'8C' / 'AB' / '8B'  M     Tag: Security attributes, one of: compact / expanded / referenced     1 byte 
LL                        Length of security attributes related data                            1 byte 
xx ... xx           M     Data for the security attributes                                      LL bytes 
'84'                O     Tag: DF Name                                                          1 byte 
LL                        Length of DF Name                                                     1 byte 
xx ... xx                 DF Name                                                               1-16 bytes 
'85' or 'A5'        O     Tag: Proprietary, application dependent                               1 byte 
LL                        Length of application dependent data                                  1 byte 
xx ... xx                 Application dependent data (see below)                                LL bytes 

LL: indicates the length of a TLV object coded in one hexadecimal byte. 

xx: indicates one hexadecimal byte. 

Security attributes: 

At least the key references that are used to allow access during the operational phase of the IC card are to be supplied in 
the security attributes. 

Tag '81': Number of Data Bytes: 

Amount of physical memory allocated for the DF or ADF. The amount of memory specifies how much memory is 
available within the currently created DF or ADF to create EFs or other DFs. 

By specifying a value other than '0000' it is possible to reserve the requested amount of physical memory from the 
current DF for the content of a DF or an ADF. 

The behaviour of the ICC for a value equal to '0000' is for further study. 

Tag '84': DF Name: 

This TLV shall only be provided if an ADF is created. The DF name is a string of bytes which is used to uniquely 
identify a dedicated file in the card. 

Tag '8A': Life Cycle Status Information LCSI 

Table 7: Coding of the LCSI 

b8  b7  b6  b5  b4  b3  b2  b1   Meaning 
-   -   -   -   -   0   1   1    initialisation state 
-   -   -   -   -   1   0   1    operational state - activated 
-   -   -   -   -   1   0   0    operational state - deactivated 

This TLV specifies the status of the file after creation. 

The initialisation state can be used to set the file into a specific security environment for administrative purposes. See 
ACTIVATE command. 

Security conditions: 

Security conditions are coded according to subclause 5.3. 

6.3.2.2.2 Creating an EF 

Table 8: Coding of the data field of the CREATE FILE command 
(in case of the creation of an EF) 

Value               M/O   Description                                                           Length 
'62'                M     Tag: FCP Template                                                     1 byte 
LL                        Length (next byte to the end)                                         1 byte 
'82'                M     Tag: File descriptor byte, or file descriptor byte followed by        1 byte 
                          data coding byte and record length, coded on 1 byte 
LL                        Length of the data                                                    1 byte 
xx ... xx                 Data                                                                  1 or 3 bytes 
'80'                M     Tag: Number of data bytes to be allocated for the EF                  1 byte 
'02'                      Length of the number of bytes                                         1 byte 
xx xx                     Amount of memory to be allocated to the EF                            2 bytes 
'83'                M     Tag: File ID                                                          1 byte 
'02'                      Length of the File ID                                                 1 byte 
xx xx                     File ID                                                               2 bytes 
'8A'                M     Tag: Life Cycle Status Information (LCSI)                             1 byte 
'01'                      Length of the LCSI                                                    1 byte 
xx                        Life Cycle Status Information                                         1 byte 
'8C' / 'AB' / '8B'  M     Tag: Security attributes, one of: compact / expanded / referenced     1 byte 
LL                        Length of security attributes related data                            1 byte 
xx ... xx           M     Data for the security attributes                                      LL bytes 
'88'                O     Tag: Short File Identifier                                            1 byte 
LL                        Length of Short File Identifier                                       1 byte 
xx                        Short File Identifier                                                 0 or 1 byte 
'85' or 'A5'        O     Tag: Proprietary, application dependent                               1 byte 
LL                        Length of application dependent data                                  1 byte 
xx ... xx                 Application dependent data (see below)                                LL bytes 

Tag '80': Number of Data Bytes: 

File size indicates the number of bytes allocated for the body of the file. In the case of an EF with linear or cyclic 
structure this is the maximum number of records multiplied by the record length in bytes. 

Tag '82': File Descriptor Byte, or File Descriptor Byte followed by data coding byte and record length, coded on 1 byte: 

For all file types, the first data byte in tag '82' is the file descriptor byte (see ISO/IEC 7816-4 [1]). 
Table 9: Coding of the File Descriptor Byte 
(in case of creation of an EF) 

b8  b7  b6  b5  b4  b3  b2  b1   Meaning 
-   -   -   -   -   0   0   1    Transparent EF 
-   -   -   -   -   0   1   0    Linear fixed 
-   -   -   -   -   1   1   0    Cyclic 

For a transparent EF, there is no further data and the length byte of the TLV is coded as '01'. 

For a linear fixed file or a cyclic file, the file descriptor byte is followed by a data coding byte and a record length, coded 
on 1 byte. The length byte of the TLV is coded as '03' in this case. 

The data coding byte can be used differently according to table 86 in ISO/IEC 7816-4 [1]. For the present document, the 
value '20' (proprietary) shall be used and shall not be interpreted by the ICC. 

Tag '8A': Life Cycle Status Information LCSI 

Table 10: Coding of the LCSI 

b8  b7  b6  b5  b4  b3  b2  b1   Meaning 
0   -   -   -   -   1   0   1    operational state - activated, not readable or updateable if deactivated 
0   -   -   -   -   1   0   0    operational state - deactivated, not readable or updateable if deactivated 
1   -   -   -   -   1   0   1    operational state - activated, readable or updateable if deactivated 
1   -   -   -   -   1   0   0    operational state - deactivated, readable or updateable if deactivated 
0   -   -   -   -   0   1   1    initialisation state - activated, not readable or updateable if deactivated when brought to operational state 
1   -   -   -   -   0   1   1    initialisation state - activated, readable or updateable if deactivated when brought to operational state 

This TLV specifies the status of the file after creation. 

The initialisation state can be used to set the file into a specific security environment for administrative purposes. See 
ACT and ATE command. 

Security conditions: 

Security conditions are coded according to subclause 5.3. 

Tag '88': Short File Identifier: 

The short file identifier is coded in bits b8 to b4. Bits b3, b2, b1 = 000. 

The following 3 cases shall be supported by the ICC: 

Tag '88' is missing in the CREATE FILE command: The file ID is used as the identifier by the EF; 

Tag '88' is available in the CREATE FILE command, there is no value part in the TLV: Short file identifier not 
supported by the EF; 

Tag '88' is available in the CREATE FILE command, there is a short file identifier value in the TLV: Short file 
identifier is supported by the EF. 
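Putting tables 5, 8, 9 and 10 together, the following added example (not code from the present document) builds a complete CREATE FILE APDU in Python: a linear fixed EF with ten 20-byte records, whose tag '80' size is records times record length, compact security attributes, an SFI placed in b8-b4 of tag '88', and the three tag '88' cases the ICC must support. The file IDs, sizes and the '8C' rule bytes are constructed; the header coding follows table 5 and the DF variant follows table 6.

```python
"""Build a CREATE FILE APDU (clause 6.3) from the TLVs of tables 6 and 8."""
from typing import Optional

CLA_BASIC_CHANNEL, INS_CREATE_FILE = 0x00, 0xE0                 # table 4
FD_DF = 0x38                                                    # table 6
FD_TRANSPARENT, FD_LINEAR_FIXED, FD_CYCLIC = 0x01, 0x02, 0x06   # table 9
DATA_CODING_BYTE = 0x20                                         # mandated value, not interpreted by the ICC
SECURITY_ATTRIBUTE_TAGS = (0x8C, 0xAB, 0x8B)                    # compact / expanded / referenced


def tlv(tag: int, value: bytes) -> bytes:
    """Single-byte tag and single-byte length, which is all these tables use."""
    if len(value) > 0xFF:
        raise ValueError("value too long for a one-byte length")
    return bytes([tag, len(value)]) + value


def lcsi(activated: bool = True, initialisation: bool = False, readable_if_deactivated: bool = False) -> int:
    """Table 10: b3..b1 carry the state, b8 says whether a deactivated EF stays readable/updateable."""
    state = 0x03 if initialisation else (0x05 if activated else 0x04)
    return state | (0x80 if readable_if_deactivated else 0x00)


def _check_sec_attr(sec_attr: bytes) -> None:
    if len(sec_attr) < 2 or sec_attr[0] not in SECURITY_ATTRIBUTE_TAGS or sec_attr[1] != len(sec_attr) - 2:
        raise ValueError("security attributes must be one well-formed '8C', 'AB' or '8B' TLV")


def fcp_df(file_id: int, alloc: int, lcs: int, sec_attr: bytes, df_name: Optional[bytes] = None) -> bytes:
    """Table 6. df_name (tag '84') is given only when an ADF is created."""
    _check_sec_attr(sec_attr)
    body = (tlv(0x82, bytes([FD_DF])) + tlv(0x81, alloc.to_bytes(2, "big"))
            + tlv(0x83, file_id.to_bytes(2, "big")) + tlv(0x8A, bytes([lcs])) + sec_attr)
    if df_name is not None:
        if not 1 <= len(df_name) <= 16:
            raise ValueError("DF name is 1 to 16 bytes")
        body += tlv(0x84, df_name)
    return tlv(0x62, body)


def fcp_ef(file_id: int, structure: int, lcs: int, sec_attr: bytes, size: int = 0,
           records: int = 0, record_len: int = 0, sfi: Optional[int] = None,
           sfi_tag_present: bool = False) -> bytes:
    """Table 8. For record files the size (tag '80') is records x record length (clause 6.3.2.2.2)."""
    _check_sec_attr(sec_attr)
    if structure == FD_TRANSPARENT:
        descriptor = bytes([structure])                                  # length '01'
        if size <= 0:
            raise ValueError("a transparent EF needs a size")
    elif structure in (FD_LINEAR_FIXED, FD_CYCLIC):
        if not (0 < records and 0 < record_len <= 0xFF):
            raise ValueError("record files need a record count and a 1-byte record length")
        descriptor = bytes([structure, DATA_CODING_BYTE, record_len])    # length '03'
        size = records * record_len
    else:
        raise ValueError("unknown file descriptor byte")
    body = (tlv(0x82, descriptor) + tlv(0x80, size.to_bytes(2, "big"))
            + tlv(0x83, file_id.to_bytes(2, "big")) + tlv(0x8A, bytes([lcs])) + sec_attr)
    # Tag '88', the three cases the ICC supports: absent -> the file ID is the identifier;
    # present and empty -> no SFI; present with a value -> SFI in b8..b4, b3..b1 = 000.
    if sfi is not None:
        if not 1 <= sfi <= 30:
            raise ValueError("short file identifier is 1..30")
        body += tlv(0x88, bytes([sfi << 3]))
    elif sfi_tag_present:
        body += tlv(0x88, b"")
    return tlv(0x62, body)


def create_file_apdu(fcp: bytes) -> bytes:
    """Table 5: CLA '00' (basic channel), INS 'E0', P1 = P2 = '00', Lc, data, no Le."""
    if len(fcp) > 0xFF:
        raise ValueError("FCP does not fit a short-length Lc")
    return bytes([CLA_BASIC_CHANNEL, INS_CREATE_FILE, 0x00, 0x00, len(fcp)]) + fcp


# Constructed compact-format rule (tag '8C'): AM byte '03' with two SC bytes, '11' and '00'.
SAMPLE_COMPACT_RULE = bytes.fromhex("8C03031100")

if __name__ == "__main__":
    ef = fcp_ef(0x6F3A, FD_LINEAR_FIXED, lcsi(), SAMPLE_COMPACT_RULE, records=10, record_len=20, sfi=10)
    print(create_file_apdu(ef).hex().upper())
```

The resulting command for the sample EF is '00 E0 00 00 1A' followed by the 26-byte FCP, in which '82 03 02 20 14' carries the linear fixed descriptor, data coding byte '20' and record length 20, '80 02 00 C8' the 200 bytes of storage, and '88 01 50' the SFI 10 shifted into b8-b4.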
6.3.3 Response Message 

6.3.3.1 Data Field Returned in the Response Message 



The data field of the response message is not present. 

6.3.3.2 Status Conditions Returned in the Response Message 

The following status conditions shall be returned by the ICC. 

Table 11: CREATE FILE status conditions 

SW1    SW2    Meaning 

Normal processing 
'90'   '00'   normal ending of the command 
'63'   '0X'   command successful but after using an internal update retry routine 'X' times 

Errors 
'62'   '83'   in contradiction with activation status 
'65'   '81'   memory problem 
'67'   '00'   incorrect length field 
'69'   '82'   security status not satisfied 
'69'   '85'   condition of use not satisfied: more than one logical channel open, or the selected logical channel is not the basic channel 
'6A'   '84'   not enough memory space 
'6A'   '89'   file ID already exists 
'6A'   '8A'   DF name already exists (only for creation of a DF and if a DF Name TLV is used) 
'6B'   '00'   incorrect parameter P1 or P2 
'6D'   '00'   command not supported or invalid 
'6E'   '00'   wrong instruction class given in the command 
'6F'   '00'   technical problem with no diagnostic given 
'6F'   'FX'   technical problem, X (proprietary) provides diagnostic 


6.4 DELETE FILE 



6.4.1 Definition and Scope 



This command initiates the deletion of a referenced EF immediately under the current DF, or a DF with its complete 
subtree. 

The access condition for the DELETE FILE function of the current DF shall be fulfilled. 

After successful completion of this command, the deleted file can no longer be selected. The resources held by the file 
shall be released and the memory used by this file shall be set to the logical erased state. It shall not be possible to 
interrupt this process in such a way that the data can become recoverable. 

This command can be performed only if the basic logical channel is selected and no other logical channel is open. 

If an ADF is deleted, some instance has to take care of the administration of the application, e.g. deleting the application 
ID entry in the EF DIR. The DELETE FILE command does not take care of this administration on its own. 

6.4.2 Command Message 



The DELETE FILE command message is coded according to table 12. 

Table 12: DELETE FILE Command Message 

Code         Value 
CLA          As defined in ISO/IEC 7816-4 [1], b1 and b2 set to 0 (see table 4) 
INS          'E4' 
P1           '00' 
P2           '00' 
Lc           Length of the subsequent data field 
Data Field   Data sent to the ICC 
Le           Not present 



6.4.2.1 Parameters P1 and P2 

P1 and P2 are set to '00', indicating selection by file identifier as defined in ISO/IEC 7816-4 [1] for the SELECT FILE 
command. 

6.4.2.2 Data Field Sent in the Command Message 

Table 13: Coding of the data field of the DELETE FILE command 

Bytes   Description          Length 
1-2     File ID (optional)   2 bytes 



6.4.3 Response Message 

6.4.3.1 Data Field Returned in the Response Message 



The data field of the response message is not present. 

6.4.3.2 Status Conditions Returned in the Response Message 

The following status conditions shall be returned by the ICC. 

Table 14: DELETE FILE status conditions 

SW1    SW2    Meaning 

Normal processing 
'90'   '00'   normal ending of the command 
'63'   '0X'   command successful but after using an internal update retry routine 'X' times 

Errors 
'65'   '81'   memory problem 
'67'   '00'   incorrect length field 
'69'   '82'   security status not satisfied 
'69'   '85'   condition of use not satisfied: more than one logical channel open, or the selected logical channel is not the basic channel 
'6B'   '00'   incorrect parameter P1 or P2 
'6D'   '00'   command not supported or invalid 
'6E'   '00'   wrong instruction class given in the command 
'6F'   '00'   technical problem with no diagnostic given 
'6F'   'FX'   technical problem, X (proprietary) provides diagnostic 
6.5 DEACTIVATE FILE 

The support of this command is mandatory for an ICC compliant to the present document. 
Refer to 3G TS 31.101 [4] for the specification of the command. 



6.6 ACTIVATE FILE 

The support of this command is mandatory for an ICC compliant to the present document. 
Refer to 3G TS 31.101 [4] for the specification of the command. 

This command initiates the transition of a file from: 

- the initialisation state; or 
- the operational state (deactivated); 

to the operational state (activated). 



6.7 TERMINATE DF 



6.7.1 Definition and Scope 



The TERMINATE DF command initiates the irreversible transition of the currently selected DF into the termination 
state (for the coding see the LCSI coding in ISO/IEC 7816-9 [3]). 

Following a successful completion of the command, the DF is in terminated state and the functionality available from 
the DF and its subtree is reduced. The DF shall be selectable and, if selected, the warning status SW1/SW2 = '6285' 
(selected file in termination state) shall be returned. 

Further possible actions are not defined. 

The intent of DF termination is generally to make the application unusable by the cardholder. 

The command can be performed only if the security status satisfies the security attributes defined for this command. 

This command can be performed only if the basic logical channel is selected and no other logical channel is open. 

NOTE: An appropriate security rule is to be set up and fulfilled in order to execute this command. 



6.7.2 Command Message

The TERMINATE DF command message is coded according to table 15.

Table 15: TERMINATE DF Command Message

Code         Value
CLA          As defined in ISO/IEC 7816-4 [1], b1 and b2 set to
INS          'E6'
P1           '00'
P2           '00'
Lc           Not present
Data Field   Not present
Le           Not present

6.7.2.1 Parameters P1 and P2

P1 and P2 are set to '00'.
6.7.2.2 Data Field Sent in the Command Message

The data field of the command message is not present.

6.7.3 Response Message

6.7.3.1 Data Field Returned in the Response Message

The data field of the response message is not present.

6.7.3.2 Status Conditions Returned in the Response Message 

The following status conditions shall be returned by the ICC. 

Table 16: TERMINATE DF status conditions

SW1    SW2    Meaning

Normal Processing
'90'   '00'   - normal ending of the command

Errors
'65'   '81'   - memory problem
'67'   '00'   - incorrect length field
'69'   '82'   - security status not satisfied
'69'   '85'   - condition of use not satisfied: more than 1 logical channel open; selected logical channel not channel
'6B'   '00'   - incorrect parameter P1 or P2
'6D'   '00'   - command not supported or invalid
'6E'   '00'   - wrong instruction class given in the command
'6F'   '00'   - technical problem with no diagnostic given
'6F'   'FX'   - technical problem, X (proprietary) provides diagnostic



6.8 TERMINATE EF

6.8.1 Definition and Scope

The TERMINATE EF command initiates the irreversible transition of the currently selected EF into the termination
state (for the coding see the LCSI coding in ISO/IEC 7816-9 [3]).

The command can be performed only if the security status satisfies the security attributes defined for this command.

This command can be performed only if logical channel is selected and no other logical channel is open.

6.8.2 Command Message

The TERMINATE EF command message is coded according to table 17.

Table 17: TERMINATE EF Command Message

Code         Value
CLA          As defined in ISO/IEC 7816-4 [1], b1 and b2 set to
INS          'E8'
P1           '00'
P2           '00'
Lc           Not present
Data Field   Not present
Le           Not present



ETSI 



20 



ETSI TS 102 222 V3.0.0 (2000-05) 



6.8.2.1 Parameters P1 and P2

P1 and P2 are set to '00'.

6.8.2.2 Data Field Sent in the Command Message 

The data field of the command message is not present. 

6.8.3 Response Message

6.8.3.1 Data Field Returned in the Response Message

The data field of the response message is not present.

6.8.3.2 Status Conditions Returned in the Response Message 

The following status conditions shall be returned by the ICC. 

Table 18: TERMINATE EF status conditions

SW1    SW2    Meaning

Normal Processing
'90'   '00'   - normal ending of the command

Errors
'65'   '81'   - memory problem
'67'   '00'   - incorrect length field
'69'   '82'   - security status not satisfied
'69'   '85'   - condition of use not satisfied: more than 1 logical channel open; selected logical channel not channel
'6B'   '00'   - incorrect parameter P1 or P2
'6D'   '00'   - command not supported or invalid
'6E'   '00'   - wrong instruction class given in the command
'6F'   '00'   - technical problem with no diagnostic given
'6F'   'FX'   - technical problem, X (proprietary) provides diagnostic



6.9 TERMINATE CARD USAGE

6.9.1 Definition and Scope

The TERMINATE CARD USAGE command initiates the irreversible transition of the ICC into the termination state.
Use of this command gives an implicit selection of the MF.

The termination state should be indicated in the ATR (see ISO/IEC 7816-4 [1]) using the coding shown in table 2 of
ISO/IEC 7816-9 [3].

Following a successful completion of the command, no command other than the STATUS command shall be supported by the
ICC.

The intent of ICC termination is generally to make the ICC unusable by the cardholder.

The command can be performed only if the security status satisfies the security attributes defined for this command.

NOTE: An appropriate security rule is to be set up and fulfilled in order to execute this command.
6.9.2 Command Message

The TERMINATE CARD USAGE command message is coded according to table 19.

Table 19: TERMINATE CARD USAGE Command Message

Code         Value
CLA          As defined in ISO/IEC 7816-4 [1], b1 and b2 set to
INS          'FE'
P1           '00'
P2           '00'
Lc           Not present
Data Field   Not present
Le           Not present

6.9.2.1 Parameters P1 and P2

P1 and P2 are set to '00'.

6.9.2.2 Data Field Sent in the Command Message 

The data field of the command message is not present. 

6.9.3 Response Message

6.9.3.1 Data Field Returned in the Response Message

The data field of the response message is not present.

6.9.3.2 Status Conditions Returned in the Response Message 

The following status conditions may be returned by the ICC. 

Table 20: TERMINATE CARD USAGE status conditions

SW1    SW2    Meaning

Normal Processing
'90'   '00'   - normal ending of the command

Errors
'65'   '81'   - memory problem
'67'   '00'   - incorrect length field
'69'   '82'   - security status not satisfied
'69'   '85'   - condition of use not satisfied: more than 1 logical channel open; selected logical channel not channel
'6B'   '00'   - incorrect parameter P1 or P2
'6D'   '00'   - command not supported or invalid
'6E'   '00'   - wrong instruction class given in the command
'6F'   '00'   - technical problem with no diagnostic given
'6F'   'FX'   - technical problem, X (proprietary) provides diagnostic

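The following is an added example, not code from ETSI TS 102 222 or any card vendor. It models, on the card side, the checks that clauses 6.7 to 6.9 require before a TERMINATE DF, TERMINATE EF or TERMINATE CARD USAGE command is executed (P1/P2 equal to '00', no data field, only one logical channel open, security status satisfied, transition irreversible, only STATUS accepted after card termination) and maps the resulting SW1/SW2 pairs back to the meanings given in the status tables of clause 6. The class and file names, the life-cycle state names, the order in which the checks are made, the accepted CLA values and the choice of channel 0 as the required channel are assumptions; the INS codes come from tables 15, 17 and 19.

```python
"""Card-side model of TERMINATE DF / TERMINATE EF / TERMINATE CARD USAGE (clauses 6.7
to 6.9) with a decoder for the status words of the tables in clause 6. Added example,
not code from ETSI TS 102 222: names, state names, check order and CLA set are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

INS_TERMINATE_DF, INS_TERMINATE_EF, INS_TERMINATE_CARD_USAGE = 0xE6, 0xE8, 0xFE  # tables 15/17/19
INS_STATUS = 0xF2        # STATUS as coded in GSM 11.11 / 3G TS 31.101
BASIC_CHANNEL = 0        # assumption: the logical channel that must be selected

SW_OK, SW_FILE_TERMINATED = (0x90, 0x00), (0x62, 0x85)
SW_WRONG_LENGTH, SW_SECURITY, SW_CONDITIONS = (0x67, 0x00), (0x69, 0x82), (0x69, 0x85)
SW_WRONG_P1P2, SW_INS_NOT_SUPPORTED, SW_WRONG_CLA = (0x6B, 0x00), (0x6D, 0x00), (0x6E, 0x00)

SW_MEANING = {  # tables 16, 18 and 20
    SW_OK: "normal ending of the command", SW_FILE_TERMINATED: "selected file in termination state",
    (0x65, 0x81): "memory problem", SW_WRONG_LENGTH: "incorrect length field",
    SW_SECURITY: "security status not satisfied", SW_CONDITIONS: "condition of use not satisfied",
    SW_WRONG_P1P2: "incorrect parameter P1 or P2", SW_INS_NOT_SUPPORTED: "command not supported or invalid",
    SW_WRONG_CLA: "wrong instruction class given in the command",
    (0x6F, 0x00): "technical problem with no diagnostic given",
}

def describe_sw(sw1: int, sw2: int) -> str:
    """Explain SW1/SW2, including the '63 0X' retry and '6F FX' diagnostic patterns."""
    if (sw1, sw2) in SW_MEANING:
        return SW_MEANING[(sw1, sw2)]
    if sw1 == 0x63 and sw2 >> 4 == 0x0:
        return f"command successful after {sw2 & 0x0F} internal update retries"
    if sw1 == 0x6F and sw2 >> 4 == 0xF:
        return f"technical problem, proprietary diagnostic {sw2 & 0x0F:X}"
    return f"unknown status {sw1:02X} {sw2:02X}"

@dataclass
class File:
    kind: str                         # "DF" or "EF"
    state: str = "activated"          # initialisation / activated / deactivated / terminated
    terminate_needs: Set[str] = field(default_factory=set)   # security attributes for TERMINATE

@dataclass
class Card:
    files: Dict[str, File]
    current: str                      # id of the currently selected file (constructed names)
    security_status: Set[str] = field(default_factory=set)   # satisfied conditions, e.g. {"ADM1"}
    open_channels: Set[int] = field(default_factory=lambda: {BASIC_CHANNEL})
    selected_channel: int = BASIC_CHANNEL
    terminated: bool = False

    def select(self, fid: str) -> Tuple[int, int]:
        """A terminated DF stays selectable, but SELECT answers with the warning '6285'."""
        self.current = fid
        return SW_FILE_TERMINATED if self.files[fid].state == "terminated" else SW_OK

    def process(self, cla: int, ins: int, p1: int, p2: int,
                data: Optional[bytes] = None) -> Tuple[int, int]:
        if self.terminated:           # after TERMINATE CARD USAGE only STATUS is supported (6.9.1)
            return SW_OK if ins == INS_STATUS else SW_INS_NOT_SUPPORTED
        if (cla & 0xF0) not in (0x00, 0x80):      # assumption: classes '0X' and '8X' accepted
            return SW_WRONG_CLA
        if ins == INS_STATUS:
            return SW_OK
        if ins not in (INS_TERMINATE_DF, INS_TERMINATE_EF, INS_TERMINATE_CARD_USAGE):
            return SW_INS_NOT_SUPPORTED
        if p1 != 0x00 or p2 != 0x00:              # P1 and P2 are '00'
            return SW_WRONG_P1P2
        if data:                                  # Lc and data field are "not present"
            return SW_WRONG_LENGTH
        if self.open_channels != {BASIC_CHANNEL} or self.selected_channel != BASIC_CHANNEL:
            return SW_CONDITIONS                  # another channel open or wrong channel selected
        target = self.files[self.current]
        kind = {INS_TERMINATE_DF: "DF", INS_TERMINATE_EF: "EF"}.get(ins)
        if kind and (target.kind != kind or target.state == "terminated"):
            return SW_CONDITIONS                  # assumption: wrong file type or already terminated
        needed = target.terminate_needs if kind else self.files["MF"].terminate_needs
        if not needed <= self.security_status:
            return SW_SECURITY
        if kind:
            target.state = "terminated"           # irreversible: no command leads out of this state
        else:
            self.terminated, self.current = True, "MF"   # ICC terminated, MF implicitly selected
        return SW_OK

def demo() -> list:
    """Constructed walk-through; each entry is the SW1/SW2 pair the tables predict for that step."""
    card = Card(files={"MF": File("DF", terminate_needs={"ADM1"}),
                       "DF_APP": File("DF", terminate_needs={"ADM1"})}, current="DF_APP")
    trace = [card.process(0x00, INS_TERMINATE_DF, 0, 0)]              # '6982': ADM1 not verified
    card.security_status.add("ADM1")
    card.open_channels.add(1)
    trace.append(card.process(0x00, INS_TERMINATE_DF, 0, 0))          # '6985': second channel open
    card.open_channels.discard(1)
    trace.append(card.process(0x00, INS_TERMINATE_DF, 0, 1))          # '6B00': P2 must be '00'
    trace.append(card.process(0x00, INS_TERMINATE_DF, 0, 0))          # '9000': DF_APP terminated
    trace.append(card.select("DF_APP"))                               # '6285': selectable, warning
    trace.append(card.process(0x00, INS_TERMINATE_CARD_USAGE, 0, 0))  # '9000': ICC terminated
    trace.append(card.process(0x00, INS_TERMINATE_EF, 0, 0))          # '6D00': only STATUS now
    trace.append(card.process(0x00, INS_STATUS, 0, 0))                # '9000'
    return trace
```

The point for an implementer or auditor is the order of the checks: the channel condition and the security status are evaluated before any state is touched, and once a file or the ICC is terminated there is no code path that moves it back, which is what "irreversible" in clauses 6.7.1 to 6.9.1 requires.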





Annex A (normative): Application specific data for GSM 11.11 Application

A.1 Access condition mapping for SIM

The access condition groups are defined according to table 21. The usage of a key reference must be in accordance with
the level it is defined for. The SC_DO to which a key reference is assigned also has a usage qualifier attached to it; for
the definition of the usage qualifier see ISO/IEC 7816-9 [3]. The usage qualifier indicates the type of verification to be
performed in order to fulfil the SC.

For the creation of cyclic files requiring the support of the INCREASE command, an AM_DO tag indicating the
existence of an instruction code in the definition list (tag '84') shall be supplied in the FCP of the CREATE FILE command,
followed by one or more SC_DOs defining the security conditions for execution of the INCREASE command.

Table 21: Access condition level coding

Level   Access Condition
        ALWays
1       CHV1
2       CHV2
3       RFU
4       ADM1
5       ADM2
6       ADM3
7       ADM4
8       ADM5
9       ADM6
10      ADM7
11      ADM8
12      ADM9
13      ADM10
14      ADM11
15      NEVer



A key reference shall only be used for the purpose it is defined in table 22. 
Table 22: Access condition mapping for SIM

CRT    Len    Value                           Access Condition   Level
Tag           Key Ref   Len    Value
              Tag
'90'   '00'   -         -      -               ALW
'A4'   '03'   '83'      '01'   '01'            CHV1               1
'A4'   '03'   '83'      '01'   '0A'            ADM2               5
'A4'   '03'   '83'      '01'   '0B'            ADM3               6
'A4'   '03'   '83'      '01'   '0C'            ADM4               7
'A4'   '03'   '83'      '01'   '0D'            ADM5               8
'A4'   '03'   '83'      '01'   '0E'            ADM6               9
'A4'   '03'   '83'      '01'   '12'            RFU (Global)       3
'A4'   '03'   '83'      '01'   '81'            CHV2               2
'A4'   '03'   '83'      '01'   '8A'            ADM7               10
'A4'   '03'   '83'      '01'   '8B'            ADM8               11
'A4'   '03'   '83'      '01'   '8C'            ADM9               12
'A4'   '03'   '83'      '01'   '8D'            ADM10              13
'A4'   '03'   '83'      '01'   '8E'            ADM11              15
'A4'   '03'   '83'      '01'   '90'            ADM1 (Local)       4
'97'   '00'   -         -      -               NEV                15


The SIM shall map parameter P2 value '02' of the VERIFY CHV command, UNBLOCK CHV command, CHANGE 
CHV command to the key reference value '81'. 



A.2 Proprietary tag coding for SIM

For the GSM 11.11 [5] application, no proprietary data is specified. No 'A5' or '85' tag shall be provided in the
CREATE FILE command.

A.3 Security Attribute Formats

For the GSM 11.11 [5] application, only the following security attribute formats are to be supported:

- Tag '8C': Security attributes, compact format;

- Tag '8B': Security attributes, referenced to expanded format.
Annex B (normative): Application specific data for 3G TS 31.101 Application

B.1 Access condition mapping for 3G TS 31.101 Application

The access condition groups are defined according to table 23. Each group is divided into several key references. The
usage of a key reference must be in accordance with the group it is defined for. The SC_DO to which a key reference is
assigned also has a usage qualifier attached to it; for the definition of the usage qualifier see ISO/IEC 7816-9 [3]. The usage
qualifier indicates the type of verification to be performed in order to fulfil the SC.

Table 23: Access condition level coding

Level    Access Condition
         ALWays
1        PIN
2        see note 1
3 to 4   Reserved for Future Use
5 to 6   see note 2
7        NEVer

NOTE 1: This level is reserved for a second PIN that may be defined by an application.

NOTE 2: Allocation of these levels and the respective requirements for their fulfilment are the responsibility of the
appropriate administrative authority.

A key reference shall only be used for the purpose it is defined in table 24. 
Table 24: Access condition mapping for 3G TS 31.101 Application

CRT    Len    Value                                                          Access Condition   Level
Tag           Key Ref   Len    Value     Usage       Len    Val
              Tag                        Qualifier
                                         Tag
'90'   '00'   -         -      -         -           -      -              ALW
'A4'   '06'   '83'      '01'   '01'      '95'        '01'   '08'           PIN Appl 1         1
'A4'   '06'   '83'      '01'   '02'      '95'        '01'   '08'           PIN Appl 2         1
'A4'   '06'   '83'      '01'   '03'      '95'        '01'   '08'           PIN Appl 3         1
'A4'   '06'   '83'      '01'   '04'      '95'        '01'   '08'           PIN Appl 4         1
'A4'   '06'   '83'      '01'   '05'      '95'        '01'   '08'           PIN Appl 5         1
'A4'   '06'   '83'      '01'   '06'      '95'        '01'   '08'           PIN Appl 6         1
'A4'   '06'   '83'      '01'   '07'      '95'        '01'   '08'           PIN Appl 7         1
'A4'   '06'   '83'      '01'   '08'      '95'        '01'   '08'           PIN Appl 8         1
'B4'   '06'   '83'      '01'   '09'      '95'        '01'   '08'           RFU
'A4'   '06'   '83'      '01'   '0A'      '95'        '01'   '08'           ADM1               5
'A4'   '06'   '83'      '01'   '0B'      '95'        '01'   '08'           ADM2               5
'A4'   '06'   '83'      '01'   '0C'      '95'        '01'   '08'           ADM3               5
'A4'   '06'   '83'      '01'   '0D'      '95'        '01'   '08'           ADM4               5
'A4'   '06'   '83'      '01'   '0E'      '95'        '01'   '08'           ADM5               5
'A4'   '06'   '83'      '01'   '11'      '95'        '01'   '08'           PIN Master PIN     1
'B4'   '06'   '83'      '01'   '12-1E'   '95'        '01'   '08'           RFU (Global)       3
'A4'   '06'   '83'      '01'   '81'      '95'        '01'   '08'           PIN2 Appl 1        2
'A4'   '06'   '83'      '01'   '82'      '95'        '01'   '08'           PIN2 Appl 2        2
'A4'   '06'   '83'      '01'   '83'      '95'        '01'   '08'           PIN2 Appl 3        2
'A4'   '06'   '83'      '01'   '84'      '95'        '01'   '08'           PIN2 Appl 4        2
'A4'   '06'   '83'      '01'   '85'      '95'        '01'   '08'           PIN2 Appl 5        2
'A4'   '06'   '83'      '01'   '86'      '95'        '01'   '08'           PIN2 Appl 6        2
'A4'   '06'   '83'      '01'   '87'      '95'        '01'   '08'           PIN2 Appl 7        2
'A4'   '06'   '83'      '01'   '88'      '95'        '01'   '08'           PIN2 Appl 8        2
'A4'   '06'   '83'      '01'   '89'      '95'        '01'   '08'           RFU
'A4'   '06'   '83'      '01'   '8A'      '95'        '01'   '08'           ADM6               6
'A4'   '06'   '83'      '01'   '8B'      '95'        '01'   '08'           ADM7               6
'A4'   '06'   '83'      '01'   '8C'      '95'        '01'   '08'           ADM8               6
'A4'   '06'   '83'      '01'   '8D'      '95'        '01'   '08'           ADM9               6
'A4'   '06'   '83'      '01'   '8E'      '95'        '01'   '08'           ADM10              6
'B4'   '06'   '83'      '01'   '90-9E'   '95'        '01'   '08'           RFU (Local)        4
'97'   '00'   -         -      -         -           -      -              NEV                7



A single application shall use key reference '01' as PIN and key reference '81' as PIN2. 
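The following is an added example, not code from the specification or from any card implementation. It turns tables 22 and 24 into lookup tables, builds the SC_DO byte strings those tables define (the 'A4' CRT carrying a key reference DO '83' '01' and, for the 3G application, the usage qualifier '95' '01' '08'), decodes them back into an access condition and level, and applies the P2 mapping of annex A.1. All function names are assumptions; the byte values and names come from the two tables, and the level of each PIN, PIN2 and ADM row is taken from the group it belongs to. The P2 '01' to key reference '01' mapping is an assumption derived from the CHV1 row of table 22; only the '02' to '81' mapping is stated in annex A.1.

```python
"""Key reference handling for table 22 (SIM, annex A) and table 24 (3G TS 31.101
application, annex B). Added example, not code from the specification; function
names are assumptions, the byte values and access condition names come from the tables."""
from typing import Dict, Optional, Tuple

Mapping = Dict[int, Tuple[str, Optional[int]]]   # key reference -> (access condition, level)

# Table 22; levels as printed in the table (none is given for ALW).
SIM_KEY_REFS: Mapping = {
    0x01: ("CHV1", 1), 0x0A: ("ADM2", 5), 0x0B: ("ADM3", 6), 0x0C: ("ADM4", 7),
    0x0D: ("ADM5", 8), 0x0E: ("ADM6", 9), 0x12: ("RFU (Global)", 3), 0x81: ("CHV2", 2),
    0x8A: ("ADM7", 10), 0x8B: ("ADM8", 11), 0x8C: ("ADM9", 12), 0x8D: ("ADM10", 13),
    0x8E: ("ADM11", 15), 0x90: ("ADM1 (Local)", 4),
}
SIM_NEV_LEVEL = 15

# Table 24; each PIN, PIN2 and ADM group carries the level printed for the group.
USIM_KEY_REFS: Mapping = {0x11: ("PIN Master PIN", 1), 0x09: ("RFU", None), 0x89: ("RFU", None)}
for i in range(8):
    USIM_KEY_REFS[0x01 + i] = (f"PIN Appl {i + 1}", 1)
    USIM_KEY_REFS[0x81 + i] = (f"PIN2 Appl {i + 1}", 2)
for i in range(5):
    USIM_KEY_REFS[0x0A + i] = (f"ADM{1 + i}", 5)
    USIM_KEY_REFS[0x8A + i] = (f"ADM{6 + i}", 6)
for kr in range(0x12, 0x1F):
    USIM_KEY_REFS[kr] = ("RFU (Global)", 3)
for kr in range(0x90, 0x9F):
    USIM_KEY_REFS[kr] = ("RFU (Local)", 4)
USIM_NEV_LEVEL = 7

USAGE_QUALIFIER_USER_AUTH = b"\x95\x01\x08"      # the '95' '01' '08' triple of table 24
ALW_SC_DO, NEV_SC_DO = bytes([0x90, 0x00]), bytes([0x97, 0x00])

def is_local(key_ref: int) -> bool:
    """b8 separates the (Global) block '01'..'1E' from the (Local) block '81'..'9E'."""
    return bool(key_ref & 0x80)

def sim_sc_do(key_ref: int) -> bytes:
    """SC_DO as in table 22: CRT 'A4', length '03', key reference DO '83' '01' <key ref>."""
    if key_ref not in SIM_KEY_REFS:
        raise ValueError(f"key reference {key_ref:02X} is not defined for the SIM application")
    return bytes([0xA4, 0x03, 0x83, 0x01, key_ref])

def usim_sc_do(key_ref: int) -> bytes:
    """SC_DO as in table 24: the SIM form followed by the usage qualifier '95' '01' '08'."""
    if key_ref not in USIM_KEY_REFS:
        raise ValueError(f"key reference {key_ref:02X} is not defined for the 3G application")
    return bytes([0xA4, 0x06, 0x83, 0x01, key_ref]) + USAGE_QUALIFIER_USER_AUTH

def decode_sc_do(do: bytes, table: Mapping, nev_level: int) -> Tuple[str, Optional[int]]:
    """Inverse of the encoders: (access condition, level) for one SC_DO, with length checks."""
    if len(do) < 2 or do[1] != len(do) - 2:
        raise ValueError("SC_DO length byte does not match the data")
    tag, value = do[0], do[2:]
    if tag == 0x90:
        return ("ALW", None)
    if tag == 0x97:
        return ("NEV", nev_level)
    if tag != 0xA4 or value[:2] != b"\x83\x01" or len(value) < 3:
        raise ValueError("expected an authentication CRT carrying a key reference")
    if value[3:] not in (b"", USAGE_QUALIFIER_USER_AUTH):
        raise ValueError("unexpected usage qualifier")
    key_ref = value[2]
    if key_ref not in table:
        raise ValueError(f"key reference {key_ref:02X} is not in the mapping table")
    return table[key_ref]

def chv_p2_to_key_ref(p2: int) -> int:
    """VERIFY/UNBLOCK/CHANGE CHV with P2 '02' maps to key reference '81' (annex A.1).
    P2 '01' -> '01' is an assumption taken from the CHV1 row of table 22."""
    mapping = {0x01: 0x01, 0x02: 0x81}
    if p2 not in mapping:
        raise ValueError(f"P2 {p2:02X} is not a CHV number")
    return mapping[p2]
```

The decoder rejects a key reference that the application does not define instead of guessing a level, which is the behaviour a CREATE FILE handler needs when it validates the security attributes it is given: a reference outside tables 22 or 24 is a malformed rule, not a weaker one.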



B.2 Proprietary tag coding for 3G TS 31.101 Application

1. In case of creating a DF:

In this case, the following data in the proprietary tag shall be provided in the CREATE FILE command if and only if a
DF is created for storing an application.

Table 25: Coding of the proprietary data for 3G TS 31.101 [4]
(in case of the creation of an application DF)

Value       M/O   Description                                                    Length
'A5'        M     Tag: Constructed proprietary information                       1 byte
LL                Length (next byte to the end)                                  1 byte
'81'        M     Tag: Power Consumption TLV, see 3G TS 31.101 [4] for coding    1 byte
LL                Length of the data                                             1 byte
XX ... XX         Data of the Power Consumption TLV                              LL bytes

2. In case of creating an EF:

In this case no proprietary data is specified. No 'A5' or '85' tag shall be provided in the CREATE FILE command.

B.3 Security Attribute Formats 

For the 3G TS 31.101 application the security attribute formats are for further study. 
Annex C (informative): Security Attributes Mechanisms and Examples

C.1 Coding

Two codings are defined:

- a compact coding based on bitmaps;

- an expanded coding which is an extension of the compact coding with intermediate scope containing bitmap and
TLV list management.

The security conditions for bits not set to 1 in the AM byte are set to NEVer by default.

C.2 Compact format

The compact format access rule is indicated by tag '8C' in the FCP. An access rule in this format is encoded with:

- an AM byte as defined in ISO/IEC 7816-9 [3];

- one or more SC bytes as defined in ISO/IEC 7816-9 [3].

C.2.1 AM byte

The AM byte conveys two types of information:

- interpretation of the AM byte itself;

- number of SC bytes in the access rule.

If b8 in the AM byte is set to '0' the AM byte is followed by a number of SC bytes equal to the number of bits set to '1' in
the AM byte (excluding b8). Each SC byte codes the conditions relevant to a set of commands, in the same order (b7 to
b1) as in the AM byte. When b8 is set to '1' the usage of b7-b4 is proprietary.

When multiple sets of an AM byte and one or more corresponding SC bytes are present in the value field of the DO with tag
'8C', they represent an OR condition.



C.2.2 SC byte

The SC byte specifies which security mechanisms are necessary to conform to the access rules, see ISO/IEC 7816-9 [3].
The 4 most significant bits (b8-b5) indicate the required security condition. A SE may be specified in bits b4-b1. If a
SE is specified, the mechanisms that may be defined in it for external authentication, user authentication and command
protection shall be used, if indicated by bits b4-b1.

If bit b8 is set to '1' all conditions in bits b7-b5 shall be satisfied. If bit b8 is set to '0' at least one of the conditions set in
bits b7-b5 shall be satisfied. If b7 is set to '1', the CRT of the SE indicated in bits b4-b1 describes whether secure
messaging shall apply to the command APDU, the response APDU or both.

C.2.3 Examples

For EFs with the access condition ALW for READ and UPDATE the security attribute would look as follows:

Tag    L      AM     SC     SC
'8C'   '03'   '03'   '00'   '00'

For EFs with the access condition ALW for READ the security attribute would look as follows:

Tag    L      AM     SC
'8C'   '02'   '01'   '00'

This rule is applicable, e.g., to EF ICC.

For EF DIR the access rule would be as follows. The ADM condition is indicated by a user authentication. The key
reference is implicitly known.

Tag    L      AM     SC     SC
'8C'   '03'   '03'   '90'   '00'

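The following is an added example, not code from the specification. It decodes a compact-format DO (tag '8C') according to clauses C.2.1 and C.2.2 (SC bytes in the order of the AM bits from b7 down to b1, unset bits defaulting to NEVer, several AM/SC sets forming an OR condition) and is run against the three byte strings of the tables in clause C.2.3. The document itself only fixes b1 = READ and b2 = UPDATE of the EF AM byte; the names given here to the other bits (b3 WRITE, b4 DEACTIVATE FILE, b5 ACTIVATE FILE, b6 TERMINATE EF, b7 DELETE FILE) and the reading of SC byte 'FF' as NEVer follow ISO/IEC 7816-9 and are assumptions, as are the function names.

```python
"""Decoder for security attributes in compact format (tag '8C', clause C.2), applied to the
examples of clause C.2.3. Added example, not code from the specification; bit names other
than b1 READ and b2 UPDATE, and 'FF' = NEV, are taken from ISO/IEC 7816-9 (assumption)."""
from typing import Dict, List

EF_AM_BITS = {7: "DELETE FILE", 6: "TERMINATE EF", 5: "ACTIVATE FILE", 4: "DEACTIVATE FILE",
              3: "WRITE", 2: "UPDATE", 1: "READ/SEARCH"}

def decode_sc_byte(sc: int) -> str:
    """One SC byte: b8 = all (1) or any (0) of b7..b5; b7 secure messaging, b6 external
    authentication, b5 user authentication; b4..b1 = SE identifier, 0 when none."""
    if sc == 0x00:
        return "ALW"
    if sc == 0xFF:                      # 'FF' is NEVer in ISO/IEC 7816-9 (assumption here)
        return "NEV"
    names = [n for bit, n in ((0x40, "secure messaging"), (0x20, "external authentication"),
                              (0x10, "user authentication")) if sc & bit]
    text = (" AND " if sc & 0x80 else " OR ").join(names) or "no mechanism required"
    seid = sc & 0x0F
    return text + (f" (SE #{seid})" if seid else "")

def parse_compact(do: bytes) -> List[Dict[str, str]]:
    """Return the OR-alternatives of a '8C' DO; each maps every EF operation to its condition."""
    if len(do) < 2 or do[0] != 0x8C or do[1] != len(do) - 2:
        raise ValueError("not a well-formed '8C' DO")
    body, pos, alternatives = do[2:], 0, []
    while pos < len(body):
        am = body[pos]
        pos += 1
        if am & 0x80:
            raise ValueError("AM byte with b8 set: b7..b4 are proprietary, not decoded here")
        # SC bytes follow in the order of the AM bits from b7 down to b1 (clause C.2.1)
        bits = [b for b in range(7, 0, -1) if am & (1 << (b - 1))]
        if pos + len(bits) > len(body):
            raise ValueError("fewer SC bytes than bits set in the AM byte")
        rule = {EF_AM_BITS[b]: decode_sc_byte(body[pos + i]) for i, b in enumerate(bits)}
        for name in EF_AM_BITS.values():
            rule.setdefault(name, "NEV")    # bits not set in the AM byte default to NEVer (C.1)
        alternatives.append(rule)
        pos += len(bits)
    return alternatives

# Constructed byte strings of the three clause C.2.3 tables.
EXAMPLE_READ_UPDATE_ALW = bytes.fromhex("8C03030000")
EXAMPLE_READ_ALW = bytes.fromhex("8C020100")
EXAMPLE_EF_DIR = bytes.fromhex("8C03039000")

def summarise(do: bytes) -> str:
    """Readable form listing only the operations that are not NEV, alternatives joined by OR."""
    parts = []
    for rule in parse_compact(do):
        parts.append("; ".join(f"{op}: {cond}" for op, cond in rule.items() if cond != "NEV"))
    return " | OR | ".join(parts)
```

For the EF DIR rule the first SC byte ('90') belongs to b2 (UPDATE) and the second ('00') to b1 (READ), so the decoder reports UPDATE as requiring user authentication and READ as ALW; reading the SC bytes in the wrong order would silently swap those two conditions, which is the kind of mistake a security attribute parser has to be tested against.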


C.3 Expanded format

In the expanded format AM_DOs and SC_DOs are used to create the access rules. The expanded format access rule is
indicated by tag 'AB' in the FCP. An access rule in this format is encoded with:

- an AM_DO followed by a sequence of;

- SC_DOs.

C.3.1 AM_DO

The AM_DO is defined in ISO/IEC 7816-9 [3]. The content of the AM_DO is defined by the tag value. Tag '80'
indicates that the AM_DO contains an AM byte. Tags '81'-'8F' indicate that the AM_DO contains a command
description. Tag '9C' indicates that the AM_DO contains a proprietary state machine description.

When multiple sets of AM_DOs and one or more corresponding SC_DOs are present in the value field of the DO
following tag '8B' they represent an OR condition.

C.3.2 SC_DO

The SC_DO is defined in ISO/IEC 7816-9 [3]. The SC_DO definition contains an OR and an AND template. Several
SC_DOs may be attached to a particular operation.

- If the SC_DOs are encapsulated in an OR template, then only one of the security conditions has to be fulfilled for
the operation to be allowed.

- If the SC_DOs are not encapsulated in an OR template, or if the SC_DOs are encapsulated in an AND
template, then all security conditions shall be fulfilled before the operation is allowed.

C.3.3 Access rule referencing

Access rules in expanded format (AM_DOs and SC_DOs) may be stored in a linear fixed/variable EF, each record
containing one or more rules, as defined in ISO/IEC 7816-9 [3]. The access rule file may be an internal file, referenced
implicitly, or may be referenced explicitly, e.g. by a file ID. The access rule stored in a file is indicated by tag '8B' in the
FCP. The value of this DO contains at least one record number, called ARR. The record can contain:

- a single byte containing the record number of the rule, valid if the access rule file is (implicitly) known;

- three bytes containing two bytes with the File ID of the access rule file followed by one byte with the record
number for the access rule;

- if the value field is coded with a length of 2 + n x 2, for n > 1, it contains the File ID and one or more SEID/ARR
pairs, where the SEID codes the SE number on one byte. For each SE, the access rules indicated in the ARR
following its SE# are valid.
C.3.4 Examples

The access rule for EF PL would look as follows. The READ and SEARCH access condition is ALWays. The UPDATE
access condition is Application1 PIN or Application2 PIN.
Tag 'AB', L '1B', containing:

AM_DO               Tag '80'   L '01'   V '02'
OR template         Tag 'A0'   L '10'
  SC_DO             Tag 'A4'   L '06'
    Key Ref         Tag '83'   L '01'   V '01'
    Usage Qualifier Tag '95'   L '01'   V '08'
  SC_DO             Tag 'A4'   L '06'
    Key Ref         Tag '83'   L '01'   V '02'
    Usage Qualifier Tag '95'   L '01'   V '08'
AM_DO               Tag '80'   L '01'   V '01'
SC_DO               Tag '90'   L '00'
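The following is an added example, not code from the specification or from any card implementation. It parses an expanded-format access rule (tag 'AB') into (operations, condition) pairs following clauses C.3.1 and C.3.2, checks every declared length against the data, and rebuilds the EF PL rule of clause C.3.4 from its components, with the outer length byte computed from the contents rather than copied from the table. The function names are assumptions; so are the reading of 'AF' as the AND template and the command-header layout of AM_DO tags '81'-'8F' (b4 CLA, b3 INS, b2 P1, b1 P2), both taken from ISO/IEC 7816-9 rather than from this document.

```python
"""Parser for access rules in expanded format (tag 'AB', clauses C.3 to C.3.4).
Added example, not code from the specification; function names, 'AF' as AND template
and the '81'-'8F' command-header layout are assumptions (the latter two from ISO/IEC 7816-9)."""
from typing import List, Tuple

EF_AM_BITS = {7: "DELETE FILE", 6: "TERMINATE EF", 5: "ACTIVATE FILE", 4: "DEACTIVATE FILE",
              3: "WRITE", 2: "UPDATE", 1: "READ/SEARCH"}   # b1 and b2 as used in annex C

def parse_tlv(data: bytes) -> List[Tuple[int, bytes]]:
    """Split into (tag, value) pairs; one-byte tags and lengths, which is all annex C uses."""
    out, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"tag '{tag:02X}': declared length {length} exceeds the data")
        out.append((tag, value))
        pos += 2 + length
    return out

def describe_am_do(tag: int, value: bytes) -> List[str]:
    if tag == 0x80:                                  # AM byte
        return [EF_AM_BITS[b] for b in range(7, 0, -1) if value[0] & (1 << (b - 1))]
    if 0x81 <= tag <= 0x8F:                          # command header description (assumption)
        names = [n for bit, n in ((8, "CLA"), (4, "INS"), (2, "P1"), (1, "P2")) if tag & bit]
        return ["command " + " ".join(f"{n}={v:02X}" for n, v in zip(names, value))]
    if tag == 0x9C:
        return ["proprietary state machine " + value.hex().upper()]
    raise ValueError(f"'{tag:02X}' is not an AM_DO tag")

def describe_sc_do(tag: int, value: bytes) -> str:
    if tag == 0x90:
        return "ALW"
    if tag == 0x97:
        return "NEV"
    if tag == 0xA4:                                  # authentication CRT with a key reference
        fields = dict(parse_tlv(value))
        text = "user authentication, key reference " + fields.get(0x83, b"").hex().upper()
        if 0x95 in fields:
            text += f", usage qualifier '{fields[0x95].hex().upper()}'"
        return text
    if tag in (0xA0, 0xAF):                          # OR template / AND template
        glue = " OR " if tag == 0xA0 else " AND "
        return "(" + glue.join(describe_sc_do(t, v) for t, v in parse_tlv(value)) + ")"
    raise ValueError(f"'{tag:02X}' is not an SC_DO tag")

def parse_expanded(do: bytes) -> List[Tuple[List[str], str]]:
    """(operations, condition) pairs; SC_DOs attached directly to one AM_DO are ANDed (C.3.2)."""
    if len(do) < 2 or do[0] != 0xAB:
        raise ValueError("not an 'AB' DO")
    if do[1] != len(do) - 2:
        raise ValueError(f"outer length '{do[1]:02X}' does not match {len(do) - 2} content bytes")
    rules: List[Tuple[List[str], List[str]]] = []
    for tag, value in parse_tlv(do[2:]):
        if tag == 0x80 or 0x81 <= tag <= 0x8F or tag == 0x9C:   # an AM_DO opens a new rule
            rules.append((describe_am_do(tag, value), []))
        elif rules:
            rules[-1][1].append(describe_sc_do(tag, value))
        else:
            raise ValueError("SC_DO before any AM_DO")
    if any(not conds for _, conds in rules):
        raise ValueError("AM_DO without an SC_DO")
    return [(ops, " AND ".join(conds)) for ops, conds in rules]

def is_well_formed(do: bytes) -> bool:
    try:
        parse_expanded(do)
        return True
    except ValueError:
        return False

def ef_pl_rule() -> bytes:
    """The EF PL rule of clause C.3.4: UPDATE = Application1 PIN OR Application2 PIN, READ/SEARCH = ALW."""
    sc_pin1 = bytes.fromhex("A406830101950108")    # key reference '01' = PIN Appl 1
    sc_pin2 = bytes.fromhex("A406830102950108")    # key reference '02' = PIN Appl 2
    or_template = bytes([0xA0, len(sc_pin1) + len(sc_pin2)]) + sc_pin1 + sc_pin2
    body = bytes.fromhex("800102") + or_template + bytes.fromhex("800101") + bytes.fromhex("9000")
    return bytes([0xAB, len(body)]) + body
```

Every length byte is verified before the value is consumed, so a rule whose declared outer length disagrees with its contents is rejected rather than partially parsed; an SC_DO that appears before any AM_DO, or an AM_DO with no security condition at all, is rejected for the same reason.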